• New WhatsApp Bugs Could’ve Let Attackers Hack Your Phone Remotely
    by noreply@blogger.com (Ravie Lakshmanan) on April 15, 2021 at 6:55 am

    Facebook-owned WhatsApp recently addressed two security vulnerabilities in its messaging app for Android that could have been exploited to execute malicious code remotely on the device and even exfiltrate sensitive information. The flaws take aim at devices running Android versions up to and including Android 9 by carrying out what’s known as a “man-in-the-disk” attack that makes it possible for

  • NSA Discovers New Vulnerabilities Affecting Microsoft Exchange Servers
    by noreply@blogger.com (Ravie Lakshmanan) on April 15, 2021 at 5:57 am

    In its April slate of patches, Microsoft rolled out fixes for a total of 114 security flaws, including an actively exploited zero-day and four remote code execution bugs in Exchange Server. Of the 114 flaws, 19 are rated as Critical, 88 are rated Important, and one is rated Moderate in severity. Chief among them is CVE-2021-28310, a privilege escalation vulnerability in Win32k that’s said to be

  • Critical Exchange Server Vulnerabilities let Attackers Execute Remote Code
    by Guru on April 14, 2021 at 5:22 pm

    Microsoft has released security updates for vulnerabilities found in the below versions of Exchange servers on the 13th April 2021 which is depicted as CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483 Exchange Server 2013 Exchange Server 2016 Exchange Server 2019 Updates Available for Specific Builds: These updates are available for the following specific builds of Exchange Server: Exchange The post Critical Exchange Server Vulnerabilities let Attackers Execute Remote Code appeared first on Cyber Security News.

  • New JavaScript Exploit Can Now Carry Out DDR4 Rowhammer Attacks
    by noreply@blogger.com (Ravie Lakshmanan) on April 14, 2021 at 3:50 pm

    Academics from Vrije University in Amsterdam and ETH Zurich have published a new research paper describing yet another variation of the Rowhammer attack. Dubbed SMASH (Synchronized MAny-Sided Hammering), the technique can be used to successfully trigger the attack from JavaScript on modern DDR4 RAM cards, notwithstanding extensive mitigations that have been put in place by manufacturers over the

  • 100 Million+ Devices Affected With Critical WRECK DNS Implementation Flaws
    by Guru on April 14, 2021 at 3:21 pm

    JSOF team together with Forescout Research Labs, have revealed a set of nine vulnerabilities related to Domain Name System (DNS) implementations, causing either Denial of Service (DoS) or Remote Code Execution (RCE). This vulnerability set, known as NAME: WRECK, could potentially allow attackers to take target devices offline or take control over them. NAME:WRECK Affects The post 100 Million+ Devices Affected With Critical WRECK DNS Implementation Flaws appeared first on Cyber Security News.

Spread the love